Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
3/30/2021
02:10 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Optiv Security Introduces Enterprise Lab Focused on IoT in IT

Lab to address client concerns; will identify, assess, and mitigate IoT device security challenges.

DENVER – March 30, 2021 – Optiv Security, a security solutions integrator delivering end-to-end cybersecurity solutions, today unveiled its Enterprise Internet of Things (IoT) Lab in response to a growing and ever-present pain point for client security leaders – the proliferation of IoT devices on organizational networks. Chief information security officers (CISOs) are dealing with sizeable blind spots and have expressed the clear need for support in discovering those devices and bringing them into their existing vulnerability management programs with an expanded objective of total network protection that goes beyond simple device discovery and assessment. Optiv’s Enterprise IoT Lab will:

  • Show organizations how to discover IoT devices present in their environment, assess devices for vulnerabilities, and mitigate outstanding security issues.
  • Provide a baseline platform for development of automated vulnerability management and incident response solutions for IoT.
  • Position IoT/OT/ICS security solutions where their integrations into other technologies can be developed and tested end-to-end.

“Current technologies focused on traditional network assets can fall short when trying to assess IoT targets, and solutions focused on the OT/ICS space don’t always integrate with the enterprise vulnerability management solutions,” said Sean Tufts, practice director, IoT Security, Optiv. “We’re now able to prove out these solutions in an environment that provides access to a wide spectrum of partner technologies.”

Optiv has partnered with Palo Alto Networks, Tenable, and Armis to highlight how these solutions react in a real-world environment of live devices. In addition, Gigamon has been leveraged to enable each solution’s monitoring requirements.

"Our Unit 42 IoT threat research, based on analysis of 1.2 million devices, found that nearly 98 percent of IoT traffic is unencrypted and more than half of all IoT devices are susceptible to severe cyber-attacks. This is why a prevention-first approach is the need of the hour instead of alert-only solutions,” said Muninder Singh Sambi, senior vice president, product management, Palo Alto Networks. "Optiv’s Enterprise IoT Lab is a welcomed development.”

The Lab will drive solutions from real-world sources and/or data supplied from a client environment. More than 50 common corporate IoT targets are in the environment and will be tested and demonstrated on to highlight vulnerability management best practices in live-time as they relate to source (insiders, third parties, bad actors) and threat (unsecured remote access, weak passwords, legacy technologies, pre-installed spyware, hackable devices).

“Optiv has substantial experience in embedded device vulnerability analysis,” said Mark Thurmond, chief operating officer, Tenable. “We’re excited to be a part of Optiv’s IoT lab to lend our converged IT/OT expertise in exploitation techniques and best practices to continue driving innovation in the IoT security space for our shared clients.”

For more information about Optiv’s IoT security services, visit Optiv IoT.

Follow Optiv  

Twitter: www.twitter.com/optiv  
LinkedIn: www.linkedin.com/company/optiv-inc  
Facebook: www.facebook.com/optivinc  
YouTube: https://www.youtube.com/c/OptivInc  
Blog: https://www.optiv.com/explore-optiv-insights/blog  

Optiv Security: Secure your security.TM 
Optiv is a security solutions integrator – “one-stop” trusted partner with a singular focus on cybersecurity. Our end-to-end cybersecurity capabilities span risk management and transformation, cyber digital transformation, threat management, cyber operations, identity and data management, and integration and innovation, helping organizations realize stronger, simpler and more cost-efficient cybersecurity programs that support business requirements and outcomes. At Optiv, we are modernizing cybersecurity to enable clients to innovate their consumption models, integrate infrastructure and technology to maximize value, achieve measurable outcomes, and realize complete solutions and business alignment. For more information about Optiv, please visit us at www.optiv.com.

 

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27394
PUBLISHED: 2021-04-16
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.19), Mendix Applications using Mendix 8 (All versions < V8.17.0), Mendix Applications using Mendix 8 (V8.12) (All versions < V8.12.5), Mendix Applications using Mendix 8 (V8.6) (All versions <...
CVE-2020-9667
PUBLISHED: 2021-04-16
Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker could exploit this to to plant custom binaries and execute them with System permissions. Exploitation of this issue requires user interaction.
CVE-2020-9668
PUBLISHED: 2021-04-16
Adobe Genuine Service version 6.6 (and earlier) is affected by an Improper Access control vulnerability when handling symbolic links. An unauthenticated attacker could exploit this to elevate privileges in the context of the current user.
CVE-2020-9681
PUBLISHED: 2021-04-16
Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker could exploit this to rewrite the file of the administrator, which may lead to elevated permissions. Exploitation of this issue requires user interaction.
CVE-2021-26830
PUBLISHED: 2021-04-16
SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is accomplished via the `ID` input field of ajax.php in the `Pugin library - delete` module.